I'm trying to improve the deliverability of my email from a domain on my server to Hotmail and MSN addresses.

So far I have assigned the domain a dedicated IP address, and have requested the host to apply reverse DNS.

My autoresponder vendor has advised that I should also enable SPF and DKIM records. I understand that I do this through the Advanced DNS Zone Editor in cPanel. However, I don't know what to put in the various boxes! Can anyone advise me where I get this info from?

Actually you do it through the Email Authentication option under the Mail section.

Click to expand...

It seems to be a bit more complicated than that. The Email Authentication option under the Mail section applies to incoming mail.
I'm trying to set up DKIM for out going mail.

I've found one reference which says it is done through the Advance DNS Zone Editor, but doesn't really explain much more. Then there are these instructions /http://www.digitalsanctuary.com/tech-blog/debian/setting-up-spf-senderid-domain-keys-and-dkim.html which seem to apply to smpt mail whereas I'm using Exim.

==========================================================
Summary of Results
==========================================================
SPF check: neutral
DomainKeys check: neutral
DKIM check: neutral
Sender-ID check: neutral
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname: avasout02.plus.net
Source IP: 212.159.14.17
mail-from: myles@domain removed
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result: neutral (SPF-Result: Neutral)
ID(s) verified: smtp.mailfrom=myles@magicalwonders.com
DNS record(s):
magicalwonders.com. SPF (no records)
magicalwonders.com. 12796 IN TXT "v=spf1 mx ip4:198.23.157.249 mx:magicalwonders.com ?all"
magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
magicalwonders.com. 12796 IN A 198.23.157.249
magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
magicalwonders.com. 12796 IN A 198.23.157.249
----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified: header.From=myles@magicalwonders.com
DNS record(s):
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: neutral (message not signed)
ID(s) verified:
NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.
----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result: neutral (SPF-Result: Neutral)
ID(s) verified: header.From=myles@magicalwonders.com
DNS record(s):
magicalwonders.com. SPF (no records)
magicalwonders.com. 12796 IN TXT "v=spf1 mx ip4:198.23.157.249 mx:magicalwonders.com ?all"
magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
magicalwonders.com. 12796 IN A 198.23.157.249
magicalwonders.com. 12797 IN MX 0 magicalwonders.com.
magicalwonders.com. 12796 IN A 198.23.157.249
----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)
Result: ham (0.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at [url=http://www.dnswl.org/]dnswl.org - Protect against false positives[/url], low
trust
[212.159.14.17 listed in list.dnswl.org]
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4570]
==========================================================
Explanation of the possible results (from RFC 5451)
==========================================================
SPF and Sender-ID Results
=========================
"none"
No policy records were published at the sender's DNS domain.
"neutral"
The sender's ADMD has asserted that it cannot or does not
want to assert whether or not the sending IP address is authorized
to send mail using the sender's DNS domain.
"pass"
The client is authorized by the sender's ADMD to inject or
relay mail on behalf of the sender's DNS domain.
"policy"
The client is authorized to inject or relay mail on behalf
of the sender's DNS domain according to the authentication
method's algorithm, but local policy dictates that the result is
unacceptable.
"fail"
This client is explicitly not authorized to inject or
relay mail using the sender's DNS domain.
"softfail"
The sender's ADMD believes the client was not authorized
to inject or relay mail using the sender's DNS domain, but is
unwilling to make a strong assertion to that effect.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability to
retrieve a policy record from DNS. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being absent or
a syntax error in a retrieved DNS TXT record. A later attempt is
unlikely to produce a final result.
DKIM and DomainKeys Results
===========================
"none"
The message was not signed.
"pass"
The message was signed, the signature or signatures were
acceptable to the verifier, and the signature(s) passed
verification tests.
"fail"
The message was signed and the signature or signatures were
acceptable to the verifier, but they failed the verification
test(s).
"policy"
The message was signed but the signature or signatures were
not acceptable to the verifier.
"neutral"
The message was signed but the signature or signatures
contained syntax errors or were not otherwise able to be
processed. This result SHOULD also be used for other
failures not covered elsewhere in this list.
"temperror"
The message could not be verified due to some error that
is likely transient in nature, such as a temporary inability
to retrieve a public key. A later attempt may produce a
final result.
"permerror"
The message could not be verified due to some error that
is unrecoverable, such as a required header field being
absent. A later attempt is unlikely to produce a final result.

It looks like it's saying I have no SPF record - I entered "v=spf1 mx ip4:198.23.157.249 mx:magicalwonders.com ?all" So not sure what's gone wrong?

Yes, I've looked at the page, but I haven't implemented the changes yet. Should that really be done before creating the SPF and DKIM records?

The first part of the instructions are fine, but I've not created files from the command line yet, so I'll need to read up on that.

....I've just had a look using Bitvese SSH Client. As well as a command line it displays all the files on the server, very much like FileZilla. I can see under /etc that the two files mailhelo and mailips already exist, and were created on 7th Feb. They are showing file size 0. Is my next step to download them, edit them with nano, vi, or vim, and upload back to the directory?

You probably should not edit anything like this in notepad, or MS wizard or anything else other than from the command line, logged in as root. There are plenty of threads on this forum, and docs and how-tos via Google to get you going in the right direction. You should read up a bit before making any changes to be safe.

I'm curious why the person with the original question needed to ask the same question over and over again.
Why couldn't the Product Evangelist have given all the instructions in one entry?
It seems to have been unnecessarily drawn out.

Staff Member

I'm curious why the person with the original question needed to ask the same question over and over again.
Why couldn't the Product Evangelist have given all the instructions in one entry?
It seems to have been unnecessarily drawn out.

I'm curious why the person with the original question needed to ask the same question over and over again.
Why couldn't the Product Evangelist have given all the instructions in one entry?
It seems to have been unnecessarily drawn out.

Click to expand...

Well, I am the OP and I don't believe I asked the same question over and over again. Lol. I was stuck with a problem that has conflicting advice from around the internet. So I posted on this forum. Was it wrong to engage in a dialogue and seek clarification on a subject I was confused about?

Whilst on the subject of curiosity however, I'm now curious as to why someones first post resurrects a thread that has been dormant for three months! Lol